Why Did It Take GM a Decade to Identify Ignition Switch Problems?

General Motors (GM) recalled 588,000 more vehicles last week due to a decade-old ignition switch problem, as questions arose about why the giant automaker took so long to respond to the issue.

Last week’s recall follows on the heels of 780,000-vehicle recall three weeks earlier to fix ignition switch malfunctions that shut down engines, cut the power-assist to brakes and steering, and disabled airbags. Problems caused by the ignition switches are now believed to have resulted in 31 crashes and 13 front-seat deaths. The National Highway Traffic Safety Administration (NHTSA) may investigate whether GM moved quickly enough to address the problem.

”The chronology shows that the process employed to examine this phenomenon was not as robust as it should have been,” said GM North American president Alan Batey, in a press release issued by the automaker last week. The problem, which has been traced as far back as the 2003 model year, involved the “torque performance” of the ignition switch. Because the switch mechanism was out of specification, it could too easily pop out of its “run” position and move to “accessory” or “off” positions, thereby shutting off the ignition and disabling the airbags. The problem could be initiated by something as simple as a heavy keychain or the sudden impact of the vehicle hitting a pothole.

GM says it became aware of issues on its vehicles as early as 2004, when it received a field report of Chevy Cobalt vehicle losing power after a key moved out of the “run” position, according to documents filed with NHTSA. Cobalts in the 2005-2007 model years have been recalled.
(Source: Wikicars)

I was hoping EE Times would publish an article about this, but quite honestly, I thought it would be Junko!

Could this be the same sort of phenomenon as the Toyota unintended acceleration story? The numbers are so small, compared with vehicles of that type on the road, that the issue only seems like glaring oversight when looking back? Doesn't look good for GM, that's for sure.

@Bert, I spotted yesterday that my colleague Chuck Murray over at our sister publication Design News did a great job reporting on this -- so I decided to move this story over here at EE Times.

The blame, i think, actually goes to not just GM but also to NHTSA for the lack of their oversight.

But more relevant to our community and even more fascinating about this story is, as Chuck wrote in his story, this could be a good case study for how big manufacturers [like GM] handle the smallest details of design [or they didn't actually handle it very well].

Hindsight is always 20-20 but some issues are hard to uncover at first. I suspect there were three issues at play here. First, was there a torque specification to move the ignition switch between positions? If not, there there was no test for incoming quality assurance to perform to ensure that the switches met torque specifications. Second, as a switch ages, the components may loosen up and the necessary torque may be reduced. If the torque parameter is not part of the specification, then there would be no reason for repetitive testing of the switch to see if the necessary torque reduced through time. (The expected lifecycle testing to ensure the switch continued to work would not detect this issue). Finally, there has been a trend for keychains to get heavier and bulkier as remote controls, multiple car keys, house keys, work keys, and additional security features get added to the mix. A single key in the ignition could probably run forever without causing trouble. With the benefit of hindsight, it all makes sense. The necessary specifications and test protocols should be simple to implement.

Not like Toyota, the unintended acceleration was not a fault of design in electrical/mechanical/software and was almost entirely the fault of the drivers.

Crashing or having keys on your keychain or even just bumping the keychain as in GM's case is not something you could exactly say is entirely the fault of the drivers. (Crashing is arugable, but the heavy keychain's are not as what kind of car requires you to have just the car key by itself) They also had a design revision of the out of spec switch so they clearly knew it wasn't performing properly even as designed.

GM has a design problem that should have been easy to identify and fix but something went wrong and it wasn't done in a timely fashion. Also shouldn't the airbag control not disable the airbag's if the car is still moving (Software issue is also unlike pedal override which has handling tradeoffs in that you can't use both on a steep hill situation but most drivers don't know how to do that anyways so whatever)? What happens if you crash in an unintended acceleration case (pedal misapplication applies to all brands) and the driver turns the car off intentionally but still crashes. (Pedal override would also work but so would neutral)

Not like Toyota, the unintended acceleration was not a fault of design in electrical/mechanical/software and was almost entirely the fault of the drivers.

Not so, right? After extensive investigation, unintended acceleration was found to be possible in Toyotas if a particular supervisory engine control app crashes. Depending what is going on when this app crashes, it was found that such a crash could lead to a wide open throttle command.

A court case in Oklahoma, extensively covered by Junko Yoshida, brought this to light.

The similarity in both cases is that while the drivers did have some measure of control, it is very different from what a driver normally expects. For example, if the engine is off, or at wide open throttle, you no longer have vacuum assist in the brakes. So you really have to push on that brake pedal to get the car to stop. This happens whether the key has gone to the acc position (wheel unlocked but engine off), or whether the throttle is stuck wide open. (Yes, the brakes do overpower the engine.)

An additional twist in the Toyota case was that when this supervisory app crashes under certain unfortunate conditions, in order for the brakes to work at all, the pedal had to be pushed, released for a few tenths of a second, and then pushed again, to get the brakes to work.

The DOT testing showed even under a single suprivsory control failure the engine control has at least two independent paths of control which would prevent an unitended acceleration event even under the case of an ECU failure.

Study of the event data recorders (Independent of the ECU) found that in all documented cases except ones involving entrapped floor mats it was the accelerator applied and not the break pedal. This data is recorded from dual redudant sensors which in some models could have failed in a double failure condition but this wasn't found either to be the case on inspection after the fact. Quite simply it was the drivers for the most part and this has happened in the past with other mfg as well.

Also in the report from DoT in partnership with NASA they bombarded the ECU with intense interference to attempt to induce a failure as you mentioned and all failure modes resulted in limp mode or stalling.

The NASA report had full access to hardware and source code and used in the cars in question. Also the use of the terminology of an control app isn't really correct as the ECU isn't like a typical operating system and basically runs one "app". Even in the even of a open throttle situation another failsafe exists in the software to control engine speed by fuel restriction. The pedal has double position sensors and pedal release sensor act as the redudant/diverse sensor system. It would arguably be more fail safe than a throttle cable strapped directly to the engine throttle as there are some cases where the wire you get jammed mechanically without electronic failsafes.

The only court case to succeed in any respect was the class action not about any failures but a class action due to the loss of resale value due to perceptions not facts.

The case mentioned in your article was settled out of court and no useable information was released but a SEU and EMI/RFI would not have caused a uncontrolled acceleration as the electronic throttle is fail safe in that there are more than one controller monitoring the system and multiple redudant sensors. The case also had them claiming that a surging car could not be stopped which is also false.

Task X is probably the entire main control loop (We don't have that report and I doubt it was peer reviewed or anything) of the main CPU which isn't the fail safe in reality as most of the main protections are in the main control loop but should it fail to a SEU or external interference a secondary monitor CPU can detect a main CPU fault and drop the car into limp mode.

Unless they have the event data recorder logs to prove it everything in that case is conjecture and all the evidence upto now has shown it was the drivers at fault for the most part. History has proven this with indpendent manufacturers with decades apart and totally different software/hardware/electronics/engineers with the same pattern in these cases.

You owe it to yourself to read the evidence. The throttle is apparently not fail safe, when Task X dies. That was a key finding. And the lawsuits were not for lost resale value at all, in these 2013 cases.

Report wasn't released to the public so I don't/can't consider it based on second hand reporting. In addition the software/hardware model showed how illeterate the report was as Task X the big thing that failed isn't like an app it is probably the main CPU's main loop. Even if the entire main CPU failed the secondary monitor CPU can detect independently the throttle commands to the sensor inputs and put the car into limp mode unless they are suggesting a SEU could simultaniously occur in both independent CPUs which is getting a bit improbable.

This case was also later settled out of court so it wasn't "successful" as the outcome in not avaible for us to see it was unknown and the only case to proceed is the class actions which have proceeded without secret settlements.